Show notes
Dominic: (00:00)
Blacklists are a collection of email addresses that have been reported for having been used maliciously,
Ashley: (00:09)
Welcome to Cybersecurity Demystified, where we explore the cybersecurity risks that small to medium sized businesses can face and give some easy, actionable advice to make your business more secure. My name’s Ash, I run a small video business and I didn’t take cyber security seriously until I got hacked and suffered the consequences.
Dominic: (00:28)
And I’m Dominic, I’m a corporate chief information security officer using his experience to help small businesses.
Ashley: (00:34)
So in this episode, we’re going to talk about blacklists, which before we really got into the detail of cybersecurity running a cyber line together, um, I’d heard nothing about, but they kind of lie at the heart of the hack that my business suffered. So my business, if I understand correctly, ended up on 14 global blacklists. And the implication of that at the end was that my whole everything to do with my business that was on the internet shut down completely. And luckily, uh, I had Dominic to give a call, but if I hadn’t, I’d have, uh, really not known where to turn. So, so that’s a consequence of blacklists, but what is a blacklist?
Dominic: (01:20)
Well, blacklists are collections of email addresses that have been reported, uh, for having been used maliciously. Okay. Whether that’s, uh, for having sent, uh, emails or been recorded as sending fraud or spam, um, there’s lots of different blacklists with different focuses. Sometimes they focus on antivirus or viruses. Sometimes they focus on spam.
Ashley: (01:44)
So sorry, that means if I was a company that was behaving in a way that was spammy. In my case, I think it was that someone had hacked into my website hosting and had set up a fake website on my hosting and had been spamming from that. So it wasn’t me that was doing the spamming. Is that becoming more common?
Dominic: (02:03)
Absolutely. It doesn’t really matter what you are doing or what you think you’re doing. Your email address is being used by yourself or by somebody else. It could still be reported as spamming or whatever it may be doing.
Ashley: (02:16)
Okay. And, and these blacklists, are they run by different organizations, and why are there a number of them?
Dominic: (02:23)
Yeah, there’s loads of them. Some are run by corporates for a profit. Um, but many of them are just run by individuals as a, as a hobby, uh, or security researchers as a way of collecting information and analyzing that information.
Ashley: (02:37)
Quite common that I’d never heard of a blacklist before this incident happened to me.
Dominic: (02:42)
Generally, something used by, uh, IT guys, security researchers, security practitioners, um, typically the average person doesn’t doesn’t monitor them and doesn’t know what what’s going on. And they pop up and disappear quite quickly as, as the, the hobbyist or company that runs them decides they don’t want to carry on.
Ashley: (03:02)
Is it an indicator that someone might have hacked me? Is this a way of tracking down?
Dominic: (03:08)
Yeah, certainly if, if you are behaving, uh, honorably on the internet and you appear on a blacklist, something has probably happened to get you on there. Um, and that may well not be something you are aware that you’ve been doing on your email.
Ashley: (03:24)
So what are the consequences of being on some of these blacklists?
Dominic: (03:29)
Well, depending on which blacklists you are on, can have very different impacts. Some of them are very small and nobody pays any attention to, and you’ll not notice anything. Other bigger, more important ones are used by a lot of corporates and a lot of the big sort of email providers, Gmail, Hotmail, Yahoo, and people like that. Uh, and they will simply spot that you’re on a blacklist and block your messages. So you’ll no longer receive. So the messages that you send will just be black holed. They won’t be delivered to the recipient and they’ll be deleted by the system without, without any further notes.
Ashley: (04:13)
Yeah. So in my case, we weren’t getting any emails in to any of our email addresses. I then got a phone call from a client who was telling me that all of our emails were showing up with red flags all over them. Our website went down and this was all in the same morning. And it suddenly makes you realize how dependent you are on the web. Because with a business like mine, my website going down again, I’m not selling anything on the site that wasn’t such an issue, but my main form of communication, we were in the middle of projects, you know, every hour lost on that is significant.
Dominic: (04:48)
Email is the most for many people, the most critical form of communication nowadays. It’s also just worth pointing out that being on a blacklist itself doesn’t mean anything at all. The blacklist does not do anything. It’s the way that other people, uh, will use the information, all those blacklists. So just by being on a blacklist, you may not have any problems. However, if the recipient of a mail you’re sending checks those blacklists before receiving your mail and you’re on one, they may well decide not to deliver it. They may just decide to deliver it to your spam, or they may decide to hold it and wait 12, 24 hours and see if you’re still on the blacklist then, and either deliver it or delete it at that point.
Ashley: (05:34)
Are there any examples from your experience in the corporate world where blacklists had become an issue?
Dominic: (05:40)
Yeah, certainly. So a company I was working for a number of years ago, their mails appeared on a blacklist after a marketing campaign. So they suddenly started sending out a lot of mail, um, which was unusual for that business. Um, we got put onto a blacklist and at trading mails stopped getting delivered. So we were no longer, we were a trading organization and those mails just were not being delivered. And that obviously was a significant issue.
Ashley: (06:07)
Right. And also a bit of a challenge, I guess, between marketing and operations in terms of cause and effect.
Dominic: (06:13)
Yeah. That’s very true. That’s why nowadays there are products out there that are designed to help marketing teams send bulk mail without impacting on your normal day to day corporate communications.
Ashley: (06:29)
So if you’ve got a call from your client, they’re not getting your emails, you aren’t able to pick up emails and this is going on. What can you do about it?
Dominic: (06:36)
That I’m aware of, there’s about 200 high quality or reasonably high quality blacklists, and you need to go to each one of them and they all have an option to check and search their blacklist to identify whether your email address is on there or not. And they’ve got funny names, most of them, something like spam eating monkey or a backscatter. Um, SORBS, um, and some of them are just random, almost, almost random collection of letters. I think there’s one, uh, LNS, G O R or something.
Ashley: (07:04)
So this is where we fall into the challenges, small to medium sized businesses, not having a, an IT guy who isn’t fazed by the kind of words that you’ve just said, which both sound kind of funny, but also clearly the, if the implication isn’t funny as it wasn’t in my case, then, uh, the seriousness of that and trying to get your head round. I mean, that’s, it’s really quite a scary situation.
Dominic: (07:28)
Indeed and many of them, as I say, they’re run by, by IT geeks. Right? So they’re, they’re not all the most friendly interface for you to go on to. Um, some of them are very, very tech-heavy, very, very full of jargon and complex IT language. Um, so many of them aren’t even in English, um, there are Japanese, Spanish, French, Italian ones, um, that you could still be on. Certainly if you’re sending email to, uh, somebody who uses a, let’s say a Japanese email hosting provider, you may be on a Japanese, uh, blacklist.
Ashley: (08:03)
Or if you’ve been hacked and they’re sending emails to absolutely. Yeah. Yeah. Okay. So moving on to solutions from what I’ve heard so far, there’s two sides to this one is making sure that your behavior on the internet doesn’t make this happen, but then if it does happen
Dominic: (08:24)
Well, once, once it happens, you know, the very first thing to do is to stop whatever’s causing, causing you to get on this blacklist, because what can very easily happen is you, you make an appeal to the, to this, to the blacklist provider. Uh, they take you off the blacklist, but because you haven’t fixed the underlying problem, you immediately get reported and, and reacted. So the very first thing is, find out why you’ve appeared on there and stop that from happening.
Ashley: (08:52)
And what if you can’t? I mean, if, if what it’s saying doesn’t make any sense to you. i.e. someone else is doing something that you’re not
Dominic: (09:00)
Sure, then you’re going to need to get some IT support in, uh, to closely examine your domain, your email systems, your websites, and they’re going to have to work to identify what’s what’s causing.
Ashley: (09:12)
So again, going back to my story, it was that someone had put a fake bank website on my hosting and they were spamming people. So in terms of you helping me to figure that out, I think what happened was you looked at my web hosting and you dug deeper and then questioned a section on my hosting, i.e. Do you work with a large American bank? No, I don’t. So a case of deduction to try and figure out what was going on.
Dominic: (09:45)
Indeed. And once we, once you identify that this was not legitimately part of your website, we removed all of those files. You know, we searched through your code of your website to remove what in reference to that. Um, and that would have stopped the, the malicious email going out.
Ashley: (10:02)
Okay. And then the next step is getting off these blacklists. So once you’ve solved either that your marketing department has been spamming people unintentionally, or you’ve been hacked, and something’s been going on, it’s a case of…
Dominic: (10:16)
It depends on which blacklist you’re on. Some of them will allow you to just go in and report that you fixed the problem, please remove you, and they’ll immediately remove you or remove you after 12 hours or something like that. Others don’t give you that option. And they will just keep you on that blacklist for 24 hours and then take you off again, unless they get another report in that time.
Ashley: (10:40)
Okay. So they’re scanning,
Dominic: (10:41)
They’re all scanning. It depends also what the blacklist is, is about. If it’s a, you know, a virus blacklist, they may be a little bit more cautious about removing you than just a spam blacklist.
Ashley: (10:56)
So wrapping up, Dom
Dominic: (10:58)
So behave well online, don’t spam, make sure you’re not sending out viruses. And if you do find that your emails aren’t getting through, your, your clients, your suppliers are saying they’re not getting your emails, try and find out from one of these blacklists. So you know where to start.
Ashley: (11:16)
So thanks for listening. Dom and I are the co-founders of Cyber Alarm, which is a cyber security service for small to medium sized businesses. And in terms of blacklists, Dom, how do we help?
Dominic: (11:27)
Well, we have a service that monitors all of the big blacklists, certainly the ones we’re aware of over 200 of them. And if you start to appear in any of those we’ll immediately let you know and give you some advice on what to do, what might be causing that and how to get off them.
Copyright © 2019 Cyber Alarm Ltd.